<Gutsy, OpenVPN 2.0.9, Shorewall 3.4.4, Samba 3.0.26 as PDC, dhcpd is running>
Shorewall server policy is configured for open access between loc <--> vpn and $FW<--> vpn (vpn is the separate zone established for openVPN). OpenVPN is in a routing configuration. Samba is running as PDC and WINS is enabled.
The WinXP Pro laptop's firewall is on with ports 1024-2096 open, and it reports no blocked packets.
I have no problems establishing a tunnel from the laptop either 1) when connected directly to the Internet (on a spare fixed IP address), or 2) from behind a NATed corporate firewall at work.
Once connected, however, I encounter several problems.
1) I only can connect to the server and the other systems on its local LAN using their IP addresses; network names don't work. This is true for SSH, NetHood shares, Remote Desktop Connections. For the server I can use either its openVNP 10.8.0.1 or its local IP of 192.168.2.254.
The corporate LAN on which the laptop sits uses subnets 192.168.1.0/24 and 10.0.0.0/20, separate from anything on the vpn or the local LAN.
From a WinXP system on the LAN I can use network names internally, but the laptop doesn't appear in the NetHood. From a Gutsy client setup on the LAN I see the server and the WinXP machines, but not the laptop.
It doesn't make any difference if I explicitly enable NetBIOS over TCP/IP in the Tap adapter or not.
So, routing is up but SMB or NetBIOS aren't hitting the vpn.
Here's the relevant part of smb.conf:
passdb backend = tdbsam
security = user
username map = /etc/samba/smbusers
name resolve order = bcast wins host lmhosts
domain logons = yes
preferred master = yes
wins support = yes
#Control net access
hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
interfaces = eth0 eth2 vpn lo
bind interfaces only = yes
2) I get one DHCP lease renewal error in the WinXP application event log with a timestamp that matches the time that the tunnel was established:
The IP address lease 10.8.0.6 for the Network Card with network address 00FF2B6ED103 has been denied by the DHCP server 10.8.0.5 (The DHCP Server sent a DHCPNACK message).
ipconfig on the laptop reveals that it was given 10.8.0.5 as DHCP server address for the Tap-Win32 adapter (it also has 10.8.0.1 for DNS and WINS servers as pushed from openVPN's server).
This isn't really a problem but may be a symptom of another related issue.
Any comments, hints, suggestions on how to get network browsing to work on OpenVPN are greatly appreciated.
-- Dr John